Taiwan, missile manufacturer hit, litigation donuts | #microsoft | #hacking | #cybersecurity | #hacking | #aihp

This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Yael Nagler, CISO, Walker & Dunlop

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Cyberattacks hit Taiwan to coincide with Speaker Pelosi’s visit

As U.S. House of Representatives Speaker Nancy Pelosi made a brief visit to Taiwan this week, Taipei experienced a sharp increase in cyberattacks. Taiwan’s digital minister Audrey Tang said the volume of cyberattacks on Taiwan government units on Tuesday, before and during Pelosi’s arrival, surpassed 15,000 gigabits, 23 times higher than the previous daily record. Most of the attacks originated from addresses in China and Russia, but were not being attributed to the Chinese government, but to opportunistic hacktivists. An attack on Taiwan’s presidential website was followed by a DDoS attack on Taiwan’s Ministry of National Defense, on Wednesday, just after her departure. None of the attacks appear to show significant or lasting damage.

(Reuters and The Register)

The long tail of the chip shortage

A report in Nikkei Asia describes how chip suppliers in Japan and China are admitting they will miss the elongated delivery times they have promised to customers worldwide due to bottlenecks in the supply chain that they themselves rely on. These include manufacturers of chemical cleaning machines, valves, tubes, pumps, gases, and containers made of special plastics — all of which are vital to the painstaking precision required in chip manufacturing. Industry experts warn that countries who believe they can onshore the entire chip-making process to no longer depend on external suppliers will find the task impossible due to the complexity of the process.

(Nikkei Asia)

Canadian donut chain offers coffee and donut to settle data privacy invasion claims

Tim Hortons, a Canadian cultural cornerstone in the coffee and donuts sector, is offering to settle multiple data privacy class-action lawsuits against it by offering something it knows it’s good for: a coffee and a donut. The action is based on the discovery that between May 2019 and August 2020, Tim Hortons’ mobile apps collected geolocation data from users without their knowledge or consent. Tim Hortons will also have to permanently delete any geolocation data its apps improperly collected, and must instruct third party providers who had access to the data to do the same. The offer still requires approval from the courts.

(The Register)

Akamai disrupts record DDoS in Europe

The CDN provider reports it thwarted the largest-ever DDoS attack on the continent. The attack lasted 30 days, peaking on July 21st with peaks of 853.7 gigabit per second over a 14-hour period. The attack targeted an unnamed Akamai customer in Eastern Europe and used UDP as the vector, rather than HTTPS-based. Based on analysis of the attack, Akamai believes it used “a highly-sophisticated, global botnet of compromised devices to orchestrate this campaign.” Back in April, Kaspersky reported that DDoS attacks hit a record in Q1, up 46% on Q4.

(The Register)

Thanks to this week’s sponsor, HYAS

Researchers discover apps leaking Twitter keys

A new report from security researchers at CloudSEK documents 3,207 apps that leak legitimate Consumer Key and Consumer Secret information. Of these, 230 apps leaked all four authentication credentials needed for a full Twitter account takeover. These leaked credentials could automatically harvested by a malware operation to enroll impacted accounts into a larger coordinated bot army. The researchers noted that other apps in the past have been found to leak secret keys for GitHub, AWS, HubSpot, and Razorpay accounts. CloudSEK recommends organizations review code for directly hard-coded API keys, and periodically rotate keys to help reduce the blast radius incurred by a leak. 

(The Hacker News)

EU missile maker denies breach but confirms extortion attempt

European missile manufacturer, MBDA, has refuted claims of a successful cyberattack on its infrastructure. However, MBDA clarified that bad actors have indeed acquired some of their data from an external drive used by the company’s Italian division. Hacking group, Andrastea, claims to have hacked MBDA’s network to steal 60 GB of data including info about employees, classified military projects, technical schematics, and contracts. Andrastea has leaked a sample of the data and demanded ransom payment. However, MBDA claims none of the leaked data is sensitive or classified and say they will not pay the ransom. Instead, the company plans to work with law enforcement to take action against the hackers.

(Bleeping Computer)

Coding issue impacts credit scores

The Wall Street Journal’s sources say the credit firm Equifax provided inaccurate credit scores on millions of US consumers seeking loans over a three-week period. From mid-March through early-April, a “technology coding issue” caused inaccurate credit scores, although Equifax said it believes this impacted load decisions on “a small number” of applicants. One bank speaking to the Journal said during the period 18% of applicants received incorrect scores, while an auto lender reported 10%. Equifax informed banks of the error in May. THe company said it fixed the issue impacting “legacy applications.” 

(WSJ)

Large scale phishing campaign targeting Microsoft enterprise email services

Security researchers at ThreatLabz published a report detailing a large-scale phishing campaign seemingly specifically targeting enterprise end users of Microsoft’s email services. The campaign uses adversary-in-the-middle techniques similar to a campaign Microsoft itself detailed last month. The attackers targeted organizations in the US, UK, New Zealand, and Australia. The attacks appeared more sophisticated than typical phishing, as it could get past two-factor authentication. The attackers also appear to register new phishing domains every day to further evade detection. (InfoSecurity Magazine)